Episode Details

Security news for this week:

• RDP and credentials that are not really revoked, and some RDP bitmap caching fun
• Some magic info on MagicINFO
• Vulnerability Management Zombies
• There is a backdoor in your e-commerce
• Airborne: vulnerabilities in AirPlay
• Bring your own installer - crafty EDR bypass
• The Signal clone used by US government officials: shocker: has been hacked
• AI slop vulnerability reporting
• Bricking iPhones with a single line of code
• Hacking planet technology
• Vibe hacking for the win?
• Cybersecurity CEO arrested for deploying malware
• Hello my perverted friend
• FastCGI - fast, but vulnerable

Chapters:

0:00 Opening and introductions
2:43 Panel introductions and conference recaps
4:46 Conference announcements and Corncon discussion
8:05 RSAC 2025 recap and vulnerability management trends
15:44 RDP credential revocation flaw in Windows 11
34:57 Apple AirPlay "wormable" vulnerabilities and third-party device risks
44:10 Signal clone breach used by US officials (TeleMessage incident)
55:38 Supply chain attack: Magento extensions backdoor
66:12 "Hello my perverted friend": Sextortion scam analysis
72:10 Security culture and phishing awareness at home
75:25 Digital signage vulnerabilities: Samsung MagicInfo
81:41 Threat hunting tradecraft and blue team operations
88:38 AI slop in vulnerability reporting and vibe hacking
98:59 Apple notification DoS and sandbox bypass
101:24 VMware licensing controversy and alternatives
107:14 CEO arrested for planting malware in hospital systems
116:06 FastCGI vulnerabilities in embedded/IoT systems
122:12 Rooting Android phones and device locking
124:08 Closing and outro

Show Notes: https://securityweekly.com/psw-873